CVE-2026-46232
Analyzed Analyzed - Analysis Complete

HID PlayStation Driver Touch Report Array Overflow

Vulnerability report for CVE-2026-46232, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-28

Last updated on: 2026-06-10

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4_parse_report will read off the end of the touch_reports array, up to about 2 KiB for the maximum number of 256 loop iteraions. The data that is read is emitted via evdev if the DS4_TOUCH_POINT_INACTIVE bit happens to be set. Protect against this by clamping the num_touch_reports value provided by the device to the maximum size of the touch_reports array.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-28
Last Modified
2026-06-10
Generated
2026-07-08
AI Q&A
2026-05-28
EPSS Evaluated
2026-07-06
NVD
EUVD

Affected Vendors & Products

Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.2 (inc) to 6.6.140 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.32 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.90 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.9 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's handling of PlayStation controller touch reports. Specifically, the function dualshock4_parse_report processes touch input data from the device. If a device falsely reports the number of touch reports, the function may read beyond the allocated touch_reports array, potentially up to about 2 KiB of memory. This happens because the loop iterates up to the reported number of touch reports without proper validation. The vulnerability is mitigated by clamping the num_touch_reports value to the maximum size of the touch_reports array, preventing out-of-bounds reads.

Impact Analysis

If exploited, this vulnerability could cause the Linux kernel to read memory beyond the intended buffer when processing touch input from a PlayStation controller. This out-of-bounds read could potentially expose sensitive kernel memory data or cause system instability. The data read might be emitted via the evdev interface, which could lead to unintended information disclosure or other unpredictable behavior.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46232. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart